CVE-2018-19573
https://notcve.org/view.php?id=CVE-2018-19573
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. CE/EE, versiones 10.3 hasta 11.x y anteriores a 11.3.11, versiones 11.4 y anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de tipo XSS en los campos Markdown por medio de Mermaid. • http://www.securityfocus.com/bid/109164 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/45906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-19577
https://notcve.org/view.php?id=CVE-2018-19577
Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. CE/EE, versiones 8.6 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de Gitlab, son susceptibles a una vulnerabilidad de control de acceso incorrecta que muestra a un usuario no autorizado el título y el espacio de nombres de un problema confidencial • http://www.securityfocus.com/bid/109179 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/52444 • CWE-284: Improper Access Control •
CVE-2018-19496
https://notcve.org/view.php?id=CVE-2018-19496
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. Se descubrió un problema en Community and Enterprise Edition versiones 10.x y versiones 11.x anteriores a 11.3.11, versiones 11.4.x anteriores a 11.4.8 y versiones 11.5.x anteriores a 11.5.1 de GitLab. Hay una vulnerabilidad de control de acceso incorrecta que le permite a un usuario con pocos privilegios promover un hito de proyecto a un hito de grupo. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51301 • CWE-284: Improper Access Control •
CVE-2018-19495
https://notcve.org/view.php?id=CVE-2018-19495
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. Se detectó un problema en Community and Enterprise Edition versiones anteriores a 11.3.11, versiones 11.4.x anteriores a 11.4.8 y versiones 11.5.x anteriores a 11.5.1 de GitLab. Se presenta una vulnerabilidad de tipo SSRF en la integración de Prometheus. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ee/issues/8167 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2018-19494
https://notcve.org/view.php?id=CVE-2018-19494
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. Se detectó un problema en Community and Enterprise Edition versiones 11.x anteriores a 11.3.11, versiones 11.4.x anteriores a 11.4.8 y versiones 11.5.x anteriores a 11.5.1 de GitLab. Hay una vulnerabilidad de acceso incorrecta que permite a un usuario no autorizado visualizar nombres de grupos privados. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51262 • CWE-284: Improper Access Control •